Some interesting stuff (blogs/articles/papers and useful resources) that I’ve read in Q4 2017.

October

KRACK – Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2
https://papers.mathyvanhoef.com/ccs2017.pdf
https://www.alexhudson.com/2017/10/15/wpa2-broken-krack-now/
https://blog.cryptographyengineering.com/2017/10/16/falling-through-the-kracks/
https://github.com/vanhoefm/krackattacks-scripts

ROCA – Vulnerable RSA generation
https://crocs.fi.muni.cz/public/papers/rsa_ccs17
https://gist.github.com/hannob/ad37d9e9e3cbf3b89bc0a8fc80cb9475

Exploiting DDE in Microsoft Office
https://www.securityforrealpeople.com/2017/10/exploiting-office-native-functionality.html
https://sensepost.com/blog/2017/macro-less-code-exec-in-msword/
https://gist.github.com/wdormann/732bb88d9b5dd5a66c9f1e1498f31a1b
https://www.vanimpe.eu/2017/10/23/malware-abusing-microsoft-office-dde-features/

BadRabbit Technical Analysis
https://blog.malwarebytes.com/threat-analysis/2017/10/badrabbit-closer-look-new-version-petyanotpetya/
https://www.endgame.com/blog/technical-blog/badrabbit-technical-analysis
https://bartblaze.blogspot.co.uk/2017/10/comparing-eternalpetya-and-badrabbit.html
http://blog.talosintelligence.com/2017/10/bad-rabbit.html

SSL/TLS and PKI History
https://www.feistyduck.com/ssl-tls-and-pki-history/

Deep Insights into the CCleaner Backdoor
https://www.crowdstrike.com/blog/protecting-software-supply-chain-deep-insights-ccleaner-backdoor/

E-mail spoofing by breaking DKIM
http://noxxi.de/research/breaking-dkim-on-purpose-and-by-chance.html

Sed and Awk for pentesters
https://posts.specterops.io/fawk-yeah-advanced-sed-and-awk-usage-parsing-for-pentesters-3-e5727e11a8ad

Strategies for offline PGP key storage
https://lwn.net/Articles/734767/

Wi-Fi packet sniffing / monitoring on Windows using Raspberry Pi
https://zone13.io/post/wifi-monitoring-using-raspberry-pi/

Disqus Demonstrates How to Do Breach Disclosure Right
https://www.troyhunt.com/disqus-demonstrates-how-to-do-data-breach-disclosure-right/

MetaTwin – Borrowing Microsoft Metadata and Digital Signatures to “Hide” Binaries
http://threatexpress.com/2017/10/metatwin-borrowing-microsoft-metadata-and-digital-signatures-to-hide-binaries/

Reverse engineering a Gameboy ROM with radare2
https://www.megabeets.net/reverse-engineering-a-gameboy-rom-with-radare2/

Inside the macOS log: logd and the files that it manages
https://eclecticlight.co/2017/10/10/inside-the-macos-log-logd-and-the-files-that-it-manages/

What’s your Mac been up to for the last 3 months? Inside macOS’s hidden activity records
https://eclecticlight.co/2017/10/13/whats-your-mac-been-up-to-for-the-last-3-months-inside-macoss-hidden-activity-records/

The Absurdly Underestimated Dangers of CSV Injection
http://georgemauer.net/2017/10/07/csv-injection.html

My First CloudFront Domain Takeover/Hijack
https://blog.zsec.uk/subdomainhijack/

Hack ATM with an anti-hacking feature and walk away with $1M in 2 minutes
https://embedi.com/blog/hack-atm-anti-hacking-feature-and-walk-away-1m-2-minutes/

Apple HEIF and HEVC file format analysis
https://cheeky4n6monkey.blogspot.co.uk/2017/10/monkey-takes-heic.html

Inside Two-Factor Authentication Apps
https://hackaday.com/2017/10/16/inside-two-factor-authentication-apps/

A Closer Look at North Korea’s Internet
https://blog.trendmicro.com/trendlabs-security-intelligence/a-closer-look-at-north-koreas-internet/

Everything You Wanted To Know About Blockchains
https://unwttng.com/what-is-a-blockchain

Build Your Own Blockchain
https://medium.facilelogin.com/build-your-own-blockchain-b8eaeea2f891

The 6-Step “Happy Path” to HTTPS
https://www.troyhunt.com/the-6-step-happy-path-to-https/

IoT_reaper: A Rappid Spreading New IoT Botnet
http://blog.netlab.360.com/iot_reaper-a-rappid-spreading-new-iot-botnet-en/

A brief introduction to the Windows Registry with RegRipper & Registry Explorer
https://www.fwhibbit.es/windows-registry-prepare-the-coffeemaker
https://www.fwhibbit.es/another-view-of-registry-i-do-it-with-registryexplorer-and-you

Spoofing GPS signals to crash stock exchanges
https://qz.com/1106064/the-entire-global-financial-system-depends-on-gps-and-its-shockingly-vulnerable-to-attack/

Recovering a blurred QR Code to access a bitcoin wallet private key
https://medium.freecodecamp.org/lets-enhance-how-we-found-rogerkver-s-1000-wallet-obfuscated-private-key-8514e74a5433

Securing a Web Hidden Service – Quick guide on how to preserve a .onion anonymity
https://blog.0day.rocks/securing-a-web-hidden-service-89d935ba1c1d

Hacking Cryptocurrency Miners with OSINT Techniques
https://medium.com/@s3yfullah/hacking-cryptocurrency-miners-with-osint-techniques-677bbb3e0157

Some links to cool CIA articles
https://medium.com/@thegrugq/some-links-to-cool-cia-articles-852a675b8192

Bug Bounty Toolkit
https://medium.com/bugbountyhunting/bug-bounty-toolkit-aa36f4365f3f

10 Methods to Bypass Cross Site Request Forgery (CSRF)
https://haiderm.com/10-methods-to-bypass-cross-site-request-forgery-csrf/

The iPad Pro as main computer for programming
https://jann.is/ipad-pro-for-programming/

Vim after 15 Years
https://statico.github.io/vim3.html

Learn to use GNU awk with hundreds of examples
https://github.com/learnbyexample/Command-line-text-processing/blob/master/gnu_awk.md

Building Better Security Presentations
https://medium.com/@sroberts/building-better-security-presentations-f20b0f89282c

Modern Love: Are We Ready for Intimacy With Robots?
https://www.wired.com/2017/10/hiroshi-ishiguro-when-robots-act-just-like-humans/

November

Creating a Simple Free Malware Analysis Environment
https://www.malwaretech.com/2017/11/creating-a-simple-free-malware-analysis-environment.html

Microsoft Security Advisory – Securely opening Microsoft Office documents that contain Dynamic Data Exchange (DDE) fields
https://technet.microsoft.com/library/security/4053440.aspx?f=255&MSPPError=-2147217396

New WikiLeaks publication reveals CIA wrote code to impersonate Kaspersky Labs anti-virus company
https://wikileaks.org/vault8/

OceanLotus Blossoms: Mass Digital Surveillance and Attacks Targeting ASEAN, Asian Nations, the Media, Human Rights Groups, and Civil Society
https://www.volexity.com/blog/2017/11/06/oceanlotus-blossoms-mass-digital-surveillance-and-exploitation-of-asean-nations-the-media-human-rights-and-civil-society/

The $280M Ethereum’s Parity bug
https://blog.comae.io/the-280m-ethereums-bug-f28e5de43513

Getting Local Admin by Abusing the Anti-Virus Quarantine
https://bogner.sh/2017/11/avgater-getting-local-admin-by-abusing-the-anti-virus-quarantine/

Analysis of the ShadowBrokers “envisoncollision” Exploit
https://steemit.com/security/@shadoweye/analysis-of-the-shadowbrokers-envisoncollision-exploit

Results of a Password Cracking Contest for My Security Class (Fall 2017)
https://mchow01.github.io/education/security/2017/11/04/password-cracking.html

How I Reverse Engineered and Exploited a Smart Massager
https://medium.com/@arunmag/how-i-reverse-engineered-and-exploited-a-smart-massager-ee7c9f21bf33

Inside a low budget consumer hardware espionage implant
https://ha.cking.ch/s8_data_line_locator/

PureVPN: A bundle of WTF
https://medium.com/@infodox/purevpn-a-bundle-of-wtf-a1e832c78a8e

Places of Interest in Stealing NetNTLM Hashes
https://osandamalith.com/2017/03/24/places-of-interest-in-stealing-netntlm-hashes/

Investigation Report for the September 2014 Equation malware detection incident in the US
https://securelist.com/investigation-report-for-the-september-2014-equation-malware-detection-incident-in-the-us/83210/

250+ tools for managing Apple devices
http://krypted.com/mac-os-x/the-apple-toolchain/

Reverse engineering the Intel FSP… a primer guide!
https://puri.sm/posts/primer-to-reverse-engineering-intel-fsp/

The Motherboard Guide to Not Getting Hacked
https://motherboard.vice.com/en_us/article/d3devm/motherboard-guide-to-not-getting-hacked-online-safety-guide

Fully undetectable backdooring PE file
https://haiderm.com/fully-undetectable-backdooring-pe-file/

Exfiltration of personal data by session-replay scripts
https://freedom-to-tinker.com/2017/11/15/no-boundaries-exfiltration-of-personal-data-by-session-replay-scripts/
https://webtransparency.cs.princeton.edu/no_boundaries/session_replay_sites.html

x64 Egg hunting in Linux systems
https://pentesterslife.blog/2017/11/24/x64-egg-hunting-in-linux-systems/

Using Burp Suite’s Collaborator to Find the True IP Address for a .Onion Hidden Service
http://digitalforensicstips.com/2017/11/using-burp-suites-collaborator-to-find-the-true-ip-address-for-a-onion-hidden-service/

Hijacking Bitcoin: Routing Attacks on Cryptocurrencies
https://btc-hijack.ethz.ch/

Segwit2x Bugs Explained
https://bitcointechtalk.com/segwit2x-bugs-explained-8e0c286124bc

Unofficial Guide to Mimikatz & Command Reference
https://adsecurity.org/?page_id=1821

Why Gets You Root – tracking down the cause of a macOS serious authentication flaw
https://objective-see.com/blog/blog_0x24.html

iOS 11 Horror Story: the Rise and Fall of iOS Security
https://blog.elcomsoft.com/2017/11/ios-11-horror-story-the-rise-and-fall-of-ios-security/

Understanding and Exploiting Web-based LDAP
https://pen-testing.sans.org/blog/2017/11/27/understanding-and-exploiting-web-based-ldap

Huge Dirty COW vulnerability (CVE-2017-1000405) writeup and PoC
https://medium.com/bindecy/huge-dirty-cow-cve-2017-1000405-110eca132de0

Apple is sharing your face with apps. That’s a new privacy worry.
https://www.washingtonpost.com/news/the-switch/wp/2017/11/30/apple-is-sharing-your-face-with-apps-thats-a-new-privacy-worry/

A beginner’s guide to getting started in the cryptocurrency world
https://blog.goodaudience.com/a-beginners-guide-to-getting-started-in-the-cryptocurrency-world-69c50516be71

An Intro to x86_64 Reverse Engineering
https://leotindall.com/tutorial/an-intro-to-x86_64-reverse-engineering/

December

Reverse Engineering Using Radare2
https://medium.com/@jacob16682/reverse-engineering-using-radare2-588775ea38d5
https://medium.com/@jacob16682/reverse-engineering-with-radare2-part-2-83b71df7ffe4

Analysis of malicious document files (PDF, Office, RTF)
https://securityoversimplicity.wordpress.com/2017/09/28/not-all-she-wrote-part-1-rigged-pdfs/
https://securityoversimplicity.wordpress.com/2017/10/22/not-all-she-wrote-part-2-rigged-office-documents-part-1/
https://securityoversimplicity.wordpress.com/2017/10/22/not-all-she-wrote-part-2-rigged-office-documents-part-2/
https://securityoversimplicity.wordpress.com/2017/11/23/not-all-she-wrote-part-3-rigged-rtf-documents/

Spreading techniques and deception-based detection
https://www.scribd.com/document/366244507/Spreading-Techniques-and-Deception-based-Detection-Acalvio-Technical-White-Paper

MailSploit – a collection of bugs in email clients that allow effective sender spoofing and code injection attacks
https://www.mailsploit.com/index

Review & Teardown of a cheap GPS Jammer
https://phasenoise.livejournal.com/2017/11/3185.html

Process Doppelgänging
http://www.c0d3xpl0it.com/2017/12/process-doppelganging.html
https://github.com/Spajed/processrefund

Modern Web Application Penetration Testing Part 2, Hash Length Extension Attacks
https://pen-testing.sans.org/blog/2017/09/29/modern-web-application-penetration-testing-part-2-hash-length-extension-attacks

EUD Security Guidance: macOS 10.13 High Sierra
https://www.ncsc.gov.uk/guidance/eud-security-guidance-macos-1013-high-sierra

The Mathematics of 2048: Counting States by Exhaustive Enumeration
http://jdlm.info/articles/2017/12/10/counting-states-enumeration-2048.html

How to write an Application Security Resume
https://www.linkedin.com/pulse/how-write-application-security-resume-ajin-abraham/

Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection.
https://github.com/LordNoteworthy/al-khaser

DNS Performance Comparison: Google, Quad9, OpenDNS, Norton, CleanBrowsing, and Yandex
https://hackernoon.com/dns-performance-comparison-google-quad9-opendns-norton-cleanbrowsing-and-yandex-d62d24e38f98

Fox-IT hit by cyber attack: Lessons learned from a Man-in-the-Middle attack
https://www.fox-it.com/en/insights/blogs/blog/fox-hit-cyber-attack/

Metasploitable 3 – A Walk-through: Linux Edition
https://docs.google.com/document/d/1SDbTN4BDqE5W_mpANK8v4EgZndK9tgEeTy7A_k7MQr4/edit

My Grand Tour of Pentest Interviews
https://ch1kpee.com/2017/12/11/my-grand-tour-of-pentest-interviews/

Great iOS Jailbreak Material
https://github.com/zhengmin1989/GreatiOSJailbreakMaterial

AppLocker – Case study – How insecure is it really?
https://oddvar.moe/2017/12/13/applocker-case-study-how-insecure-is-it-really-part-1/
https://oddvar.moe/2017/12/21/applocker-case-study-how-insecure-is-it-really-part-2/

Harden Windows with AppLocker – based on Case study
https://oddvar.moe/2017/12/13/harden-windows-with-applocker-based-on-case-study-part-1/
https://oddvar.moe/2017/12/21/harden-windows-with-applocker-based-on-case-study-part-2/

North Korea Bitten by Bitcoin Bug: Financially motivated campaigns reveal new dimension of the Lazarus Group
https://www.proofpoint.com/us/threat-insight/post/north-korea-bitten-bitcoin-bug-financially-motivated-campaigns-reveal-new

Learn all you need to know to start doing web penetration testing
https://pentesterlab.com/exercises/web_for_pentester/course

Learn Android Security
https://androidtamer.com/learn_android_security

Intercepting HTTPS Traffic from Apps on Android 7+ using Magisk & Burp
https://blog.nviso.be/2017/12/22/intercepting-https-traffic-from-apps-on-android-7-using-magisk-burp/

Inside Mirai the infamous IoT Botnet: A Retrospective Analysis
https://www.elie.net/blog/security/inside-mirai-the-infamous-iot-botnet-a-retrospective-analysis

Why TLS 1.3 isn’t in browsers yet
https://blog.cloudflare.com/why-tls-1-3-isnt-in-browsers-yet/

Analyzing an Apple Pay Transaction with Proxmark3
https://salmg.net/2017/12/29/analyzing-an-apple-pay-transaction-with-proxmark3/

No boundaries for user identities: Web trackers exploit browser login managers
https://freedom-to-tinker.com/2017/12/27/no-boundaries-for-user-identities-web-trackers-exploit-browser-login-managers/

Data analysis of Game of Thrones determines who really is the main character
https://thenextweb.com/contributors/2017/10/06/data-analysis-reveals-main-character-along-game-thrones/

Cracking Encrypted PDFs
https://blog.didierstevens.com/2017/12/26/cracking-encrypted-pdfs-part-1/
https://blog.didierstevens.com/2017/12/27/cracking-encrypted-pdfs-part-2/
https://blog.didierstevens.com/2017/12/28/cracking-encrypted-pdfs-part-3/
https://blog.didierstevens.com/2017/12/29/cracking-encrypted-pdfs-conclusion/

Invoke-Obfuscation – a PowerShell v2.0+ compatible PowerShell command and script obfuscator
https://github.com/danielbohannon/Invoke-Obfuscation
http://www.danielbohannon.com/blog-1/2017/12/2/the-invoke-obfuscation-usage-guide
http://www.danielbohannon.com/blog-1/2017/12/2/the-invoke-obfuscation-usage-guide-part-2

The Ghost in the MP3
http://theghostinthemp3.com/theghostinthemp3.html

DOS Attack Penetration Testing (Part 1)
http://www.hackingarticles.in/dos-penetration-testing-part-1/

My Favorite Deep Learning Papers of 2017
http://cachestocaches.com/2017/12/favorite-deep-learning-2017/

Best crypto blog posts of 2017
https://www.cryptologie.net/article/435/best-crypto-blog-posts-of-2017/

Mac Malware of 2017
https://objective-see.com/blog/blog_0x25.html
